DNSCrypt: Difference between revisions
imported>Fadenb m Syntaxhighlight |
imported>Makefu add custom resolver |
||
| Line 16: | Line 16: | ||
networking.nameservers = ["127.0.0.1"]; | networking.nameservers = ["127.0.0.1"]; | ||
}</syntaxhighlight> | }</syntaxhighlight> | ||
= DNSCrypt with custom resolver = | |||
At some point you want to run your own resolver for privacy/functionality/stability reasons. Setting up the <code>dnscrypt-wrapper</code> is straight forward in NixOS | |||
== Server Configuration == | |||
put this in <code>dnscrypt-server.nix</code> and import it your <code>configuration.nix</code>: | |||
<syntaxHighlight lang="nix"> | |||
{ config, ... }: | |||
let | |||
port = 15200; | |||
in { | |||
services.dnscrypt-wrapper = { | |||
enable = true; | |||
address = "0.0.0.0"; | |||
upstream.address = "8.8.8.8"; | |||
providerName = "2.dnscrypt-cert.<your server name>"; | |||
inherit port; | |||
}; | |||
networking.firewall.allowedUDPPorts = [ port ]; | |||
} | |||
</syntaxHighlight> | |||
== Client Configuration == | |||
put this in <code>dnscrypt-client.nix</code> and import it your configuration.nix: | |||
<syntaxHighlight lang="nix"> | |||
{ ... }: | |||
let | |||
customResolver = { | |||
address = <your server ip>; | |||
port = 15200; | |||
name = "2.dnscrypt-cert.<your server name>"; | |||
## log into the server and run this command in /var/lib/dnscrypt-wrapper | |||
# dnscrypt-wrapper --show-provider-publickey --provider-publickey-file public.key | |||
key = "0000:1111:2222:3333:4444:5555:6666:7777:8888:9999:AAAA:BBBB:CCCC:DDDD:EEEE:FFFF"; | |||
}; | |||
in { | |||
services.dnscrypt-proxy = { | |||
enable = true; | |||
inherit customResolver; | |||
}; | |||
networking.extraResolvconfConf = '' | |||
name_servers='127.0.0.1' | |||
''; | |||
} | |||
</syntaxHighlight> | |||
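Review bot: In the server example, `upstream.address = "8.8.8.8"` means the wrapper forwards every query unencrypted to a third-party resolver, so only the client-to-server leg is protected and the privacy reason given in the introduction is only partly met. The text should say so, or point the upstream at a recursive resolver running on the server itself, e.g. `upstream.address = "127.0.0.1";`. The same block binds `address = "0.0.0.0"` and opens the port in the firewall, so the resolver is reachable by any host; a comment such as `# open to the internet: restrict source addresses if only your own clients should use it` would make that explicit. Only `allowedUDPPorts` is opened, so if the packaged wrapper also answers over TCP for truncated responses (it appears to, but confirm), `networking.firewall.allowedTCPPorts = [ port ];` is needed as well. On the client side, the comment above `key` could add that the fingerprint is what authenticates the server and should be copied over a trusted channel such as the SSH session it already mentions.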